An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration.
https://www.fragattacks.com
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
http://www.openwall.com/lists/oss-security/2021/05/11/12
https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective
https://www.fragattacks.com/
Source: Mitre, NVD
Published: 2021-05-11
Updated: 2021-12-03
Named Vulnerability: FragAttacks
Base Score: 2.6
Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N
Severity: Low
Base Score: 5.3
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Severity: Medium
EPSS: 0.00272